The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Grafana

Grafana: file reading via MySQL Connection String
A local attacker can read a file via MySQL Connection String of Grafana, in order to obtain sensitive information...
CVE-2019-19499, RHSA-2020:4682-01, VIGILANCE-VUL-33197
Grafana: Cross Site Scripting via Snapshot Original Dashboard Link
An attacker can trigger a Cross Site Scripting via Snapshot Original Dashboard Link of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-11110, RHSA-2020:4682-01, VIGILANCE-VUL-32929
Grafana: information disclosure via Avatar HTTP Scan
An attacker can bypass access restrictions to data via Avatar HTTP Scan of Grafana, in order to obtain sensitive information...
CVE-2020-13379, FEDORA-2020-a09e5be0be, FEDORA-2020-e6e81a03d6, openSUSE-SU-2020:0892-1, openSUSE-SU-2020:1105-1, openSUSE-SU-2020:1611-1, openSUSE-SU-2020:1646-1, RHSA-2020:2641-01, RHSA-2020:2676-01, VIGILANCE-VUL-32406
Grafana: Cross Site Scripting via Dashboard Settings
An attacker can trigger a Cross Site Scripting via Dashboard Settings of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18625, VIGILANCE-VUL-32402
Grafana: Cross Site Scripting via Table Panel Set Column Styles
An attacker can trigger a Cross Site Scripting via Table Panel Set Column Styles of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18624, RHSA-2020:4682-01, VIGILANCE-VUL-32401
Grafana: Cross Site Scripting via Text Panel Set Options
An attacker can trigger a Cross Site Scripting via Text Panel Set Options of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18623, VIGILANCE-VUL-32400
Grafana: Cross Site Scripting via OpenTSDB Data Source
An attacker can trigger a Cross Site Scripting via OpenTSDB Data Source of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-13430, RHSA-2020:4682-01, VIGILANCE-VUL-32327
Grafana: information disclosure via /var/lib/grafana
An attacker can read /var/lib/grafana on a Grafana host, in order to obtain sensitive information...
8283, CVE-2020-12458, CVE-2020-12459, FEDORA-2020-c6b0c7ebbb, FEDORA-2020-d109a1d1d9, RHSA-2020:4682-01, VIGILANCE-VUL-32155
Grafana: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-12052, CVE-2020-12245, openSUSE-SU-2020:0892-1, openSUSE-SU-2020:1105-1, openSUSE-SU-2020:1611-1, openSUSE-SU-2020:1646-1, RHSA-2020:4682-01, VIGILANCE-VUL-32105
Grafana: Cross Site Scripting via Column Link
An attacker can trigger a Cross Site Scripting via Column Link of Grafana, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-31440
Our database contains other pages. You can request a free trial to read them.

Display information about Grafana: